Today a wide range of organizations from across the political spectrum—including EFF—sent a letter to the Senate protesting Sen. Sheldon Whitehouse's proposed draconian Computer Fraud and Abuse Act amendment to the "cybersecurity" surveillance bill CISA.

Since the death of activist and Internet pioneer Aaron Swartz three years ago, people from across the political spectrum have urged Congress to reform the CFAA, given its harsh penalties for "crimes" that result in little or no economic harm as well as the Justice Department's interpretation of terms of use violations that leaves virtually every Internet user a criminal.

Rep. Zoe Lofgren and Sen. Ron Wyden have been working hard on crafting reform and EFF has already published its own proposed fixes to the CFAA. We urge the Senate to vote against this amendment and work with Rep. Lofgren and outside groups to reform the CFAA.

The CFAA should not engulf security researchers, innovators, and everyday Internet users. It should instead be used for its original, intended purpose: to go after malicious criminals who could cause real harm and economic damage.

You can read the full text of the letter and download a copy of the PDF version below.

We, the undersigned civil liberties and privacy groups, and security experts, write in opposition to the proposed amendment (No. 2626) from Senator Whitehouse to the Cybersecurity Information Sharing Act (“CISA”) that would expand the Computer Fraud and Abuse Act (“CFAA”).

Amendment No. 2626 would alter the CFAA in dangerous and unpredictable ways.

First, the amendment would expand the existing prohibition in the CFAA against selling passwords to any “means of access” without clarifying how the law applies to legitimate computer security research, such as paid researchers who identify and disclose software vulnerabilities. Second, the amendment includes a requirement that empowers government to obtain injunctions that can force companies to hack computer users for a wide range of activity unrelated to botnets, though the provision is ostensibly directed at stopping botnets. Third, the amendment would create a broad new criminal violation for damaging critical infrastructure, which is already illegal under the CFAA.

The Whitehouse amendment fails to address ambiguity in current law that has led to the use of the CFAA to prosecute valuable security research, levy disproportionate penalties, and criminalize ordinary Internet activity. We are united in our view that, at the very least, any amendment to the CFAA be subject to full and open debate and must not be tacked on to CISA, itself a highly controversial and complex piece of legislation.

The amendment would exacerbate existing problems with the CFAA and enable prosecution of behaviors that are not malicious computer trespasses or hacking, which was the original and appropriate target of the CFAA. Worse, these changes are being rushed through Congress without adequate debate over the far-reaching effects of its provisions. .

Related Updates

There is very little doubt that Equifax’s negligent security practices were a major contributing factor in the massive breach of 145.5-million Americans’ most sensitive information. In the wake of the breach, EFF has spent a lot of time thinking through how to ensure that such a catastrophic breach doesn’t happen...

This summer 143 million Americans had their most sensitive information breached, including their name, addresses, social security numbers (SSNs), and date of birth. The breach occurred at Equifax, one of the three major credit reporting agencies that conducts the credit checks relied on by many industries, including landlords, car lenders...

Attorney General nominee Sen. Jeff Sessions is testifying in front of the Senate Judiciary Committee today as part of his confirmation process. EFF has voiced concerns about President-elect Donald Trump’s nomination of Sessions to lead the Justice Department, citing past statements he has made and votes he has cast on...

"So one undereported aspect to the Safe Harbor decision is that much of it hangs off the judgement by the ECJ that it's the United States' existing surveillance laws that are the problem, not just the companies' compliance with EU privacy law," says Danny O'Brien, international director of the Electronic...

The White House endorsed the bill even before it passed the Senate, so it was no surprise that the president signed the must-pass federal budget bill to which the House of Representatives added CISA in December. And while the White House previously identified the need for...

Privacy advocates expressed dismay with this latest version of the legislation, particularly the opaque way in which a small group of lawmakers drafted the final version of the measure and then incorporated it into a colossal spending bill. "Such key legislation should not be sandwiched into the omnibus or a...

Today, House leadership released text of the 2016 "Omnibus package." The legislative package is supposed to deal exclusively with funding the federal government through 2016; however, leadership also managed to include a dangerous cybersecurity "information sharing" bill. The cybersecurity bill is a combination of three bad cybersecurity bills...

Update: The final text of CISA is being negotiated right now. Take action here. CISA passed out of the Senate by a disappointing vote of 74-21 last week. The bill has already passed out of the House, and now it goes to a conference committee to work...

IF THE ZOMBIE HORROR GENRE teaches us anything, it is never to celebrate too soon. Beware the hubris of a character who walks from the graveyard victorious, failing to anticipate an undead hand pushing up through the soil. And so it was with defeat of the Cyber Intelligence Sharing and...

Tonight’s Rumble discusses Paul Ryan becoming the next speaker, John Kasich’s lashing out at his rival candidates, and whether Trump is done. Thom talks about the Senate’s passing of the Cybersecurity Information Sharing Act (CISA) with the Electronic Freedom Frontier’s Nadia Kayyali, and in tonight’s Daily Take Thom discusses the...